CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1122331 matches found

Changedetection.io <=v0.45.21 - Cross-Site Scripting

Changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions Input in parameter notificationurls is not processed resulting in javascript execution in the application. A reflected XSS vulnerability happens when...

4.3CVSS5.8AI score0.24943EPSS

Exploits0References2

Nuclei•added 6 hours ago•19 views

Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting

The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18490 info: name: Contact Form Multi by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-multi plugin before 1.2.1 for WordPress has multip...

6.1CVSS6.4AI score0.00104EPSS

Exploits1References4

Nuclei•added 6 hours ago•21 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

4.3CVSS5.8AI score0.01944EPSS

Exploits1References4

Nuclei•added 6 hours ago•20 views

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.2AI score0.06584EPSS

Exploits2References4

Nuclei•added 6 hours ago•65 views

Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...

9.8CVSS7.1AI score0.94313EPSS

Exploits66References5

Nuclei•added 6 hours ago•25 views

phpPgAdmin <=4.1.1 - Cross-Site Scripting

phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHPSELF in 1 redirect.php, possibly related to 2 login.php, which are different vectors than CVE-2007-2865. id:...

9.3CVSS5.8AI score0.04312EPSS

Exploits1References5

Nuclei•added 6 hours ago•17 views

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

6.1CVSS6.8AI score0.17371EPSS

Exploits0References4

Nuclei•added 6 hours ago•8 views

Complete Online Job Search System 1.0 - Cross-Site Scripting

Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...

9.8CVSS7.1AI score0.60412EPSS

Exploits0References2

Nuclei•added 6 hours ago•17 views

GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS6.3AI score0.02674EPSS

Exploits2References2

Nuclei•added 6 hours ago•20 views

Paid Memberships Pro < 2.6.6 - Cross-Site Scripting

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting id: CVE-2021-24979 info: name: Paid Memberships Pro 2.6.6 - Cross-Site Scripting author: r3Y3r53 severity:...

6.1CVSS6.4AI score0.0269EPSS

Exploits2References3

Nuclei•added 6 hours ago•21 views

WordPress Helloprint <1.4.7 - Cross-Site Scripting

WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. Th...

6.1CVSS6.4AI score0.05856EPSS

Exploits2References3

Nuclei•added 6 hours ago•53 views

WordPress WP JobSearch <1.5.1 - Cross-Site Scripting

WordPress WP JobSearch plugin prior to 1.5.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01574EPSS

Exploits1References5

Nuclei•added 6 hours ago•27 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01677EPSS

Exploits2References5

Nuclei•added 6 hours ago•19 views

WordPress E2Pdf <1.16.45 - Cross-Site Scripting

WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfilteredhtml capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context o...

4.8CVSS5.8AI score0.0224EPSS

Exploits2References5

Nuclei•added 6 hours ago•30 views

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6.2AI score0.06392EPSS

Exploits2References5

Nuclei•added 6 hours ago•22 views

kkFileView 4.0.0 - Cross-Site Scripting

kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-29349 info: name: kkFileView 4.0.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.0.0...

6.1CVSS6.2AI score0.01713EPSS

Exploits1References4

Nuclei•added 6 hours ago•23 views

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the sshform.php script functionality. id: CVE-2021-21800 info: name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting author: arafatansari severity: medium description: | Advantech R-SeeNet 2.4.12 contains a...

9.6CVSS6.8AI score0.64875EPSS

Exploits1References5

Nuclei•added 6 hours ago•21 views

NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting

NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. id: CVE-2022-33119 info: name: NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting author: arafatansari severity: medium description: | NUUO NVRsolo Video Recorder 03.06.02 contains...

6.1CVSS6.2AI score0.01644EPSS

Exploits1References5

Nuclei•added 6 hours ago•21 views

RevealJS postMessage <4.3.0 - Cross-Site Scripting

RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. id: CVE-2022-0776 info: name: RevealJS postMessage 4.3.0 - Cross-Site Scripting author: LogicalHunter severity: medium description: RevealJS postMessage before 4.3.0 contains a cross-sit...

6.1CVSS5.9AI score0.10316EPSS

Exploits1References5

Nuclei•added 6 hours ago•25 views

WordPress WooCommerce <1.13.22 - Cross-Site Scripting

WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. id: CVE-2021-24300 info: name: WordPress WooCommerce 1.13.22 - Cross-Site Scripting author: cckuailong...

6.1CVSS6.2AI score0.03405EPSS

Exploits5References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by